Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229921 7.5 危険 PreProject.com - Pre Real Estate Listings の search.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4177 2012-12-20 18:52 2008-09-23 Show GitHub Exploit DB Packet Storm
229922 7.5 危険 proarcadescript - ProArcadeScript における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4173 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229923 7.5 危険 rfaah - Cars & Vehicle の page.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4172 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229924 4.3 警告 pro2col - Pro2col Stingray FTS の verify_login.jsp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4168 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229925 7.5 危険 zanfi solutions - Zanfi CMS lite および Jaw Portal の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4159 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229926 6.8 警告 zanfi solutions - Zanfi CMS lite の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4158 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229927 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech phpVID の groups.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4157 2012-12-20 18:52 2008-09-22 Show GitHub Exploit DB Packet Storm
229928 7.5 危険 razorecommerce - RazorCommerce Shopping Cart の category_search.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4143 2012-12-20 18:52 2008-09-24 Show GitHub Exploit DB Packet Storm
229929 7.5 危険 x10media - x10Media x10 Automatic MP3 Script における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-4141 2012-12-20 18:52 2008-09-24 Show GitHub Exploit DB Packet Storm
229930 10 危険 technote - Technote の skin_shop/standard/3_plugin_twindow/twindow_notice.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-4138 2012-12-20 18:52 2008-09-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196041 4.8 MEDIUM
Network 		otrs survey Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. another agent who wants to make changes in the survey). This issue affects: OTRS A… CWE-79
Cross-site Scripting 		CVE-2021-21434 2024-11-21 14:48 2021-02-8 Show GitHub Exploit DB Packet Storm
196042 5.3 MEDIUM
Network 		jenkins jenkins Jenkins 2.275 and LTS 2.263.2 allows reading arbitrary files using the file browser for workspaces and archived artifacts due to a time-of-check to time-of-use (TOCTOU) race condition. CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2021-21615 2024-11-21 14:48 2021-01-27 Show GitHub Exploit DB Packet Storm
196043 7.5 HIGH
Network 		zte zxr10_9904_firmware
zxr10_9908_firmware
zxr10_9916_firmware
zxr10_9904-s_firmware
zxr10_9908-s_firmware 		Some ZTE products have a DoS vulnerability. Due to the improper handling of memory release in some specific scenarios, a remote attacker can trigger the vulnerability by performing a series of operat… CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2021-21723 2024-11-21 14:48 2021-01-27 Show GitHub Exploit DB Packet Storm
196044 4.4 MEDIUM
Local 		zte zxv10_b860a_firmware A ZTE Smart STB is impacted by an information leak vulnerability. The device did not fully verify the log, so attackers could use this vulnerability to obtain sensitive user information for further i… CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2021-21722 2024-11-21 14:48 2021-01-15 Show GitHub Exploit DB Packet Storm
196045 5.5 MEDIUM
Local 		jenkins bumblebee_hp_alm Jenkins Bumblebee HP ALM Plugin 4.1.5 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the Jenkin… CWE-522
 Insufficiently Protected Credentials 		CVE-2021-21614 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm
196046 6.1 MEDIUM
Network 		jenkins tics Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service respon… CWE-79
Cross-site Scripting 		CVE-2021-21613 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm
196047 5.5 MEDIUM
Local 		jenkins tracetronic_ecu-test Jenkins TraceTronic ECU-TEST Plugin 2.23.1 and earlier stores credentials unencrypted in its global configuration file on the Jenkins controller where they can be viewed by users with access to the J… CWE-522
 Insufficiently Protected Credentials 		CVE-2021-21612 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm
196048 5.4 MEDIUM
Network 		jenkins jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability explo… CWE-79
Cross-site Scripting 		CVE-2021-21611 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm
196049 6.1 MEDIUM
Network 		jenkins jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-… CWE-79
Cross-site Scripting 		CVE-2021-21610 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm
196050 5.3 MEDIUM
Network 		jenkins jenkins Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some UR… CWE-863
 Incorrect Authorization 		CVE-2021-21609 2024-11-21 14:48 2021-01-14 Show GitHub Exploit DB Packet Storm